File _patchinfo of Package patchinfo.1497
<patchinfo>
<issue id="808137" tracker="bnc">VUL-1: CVE-2013-1821: ruby: entity expansion DoS vulnerability in REXML</issue>
<issue id="803342" tracker="bnc">VUL-0: CVE-2013-0269: ruby19/rubygem-json: Denial of Service and Unsafe Object Creation Vulnerability in JSON</issue>
<issue id="CVE-2013-0269" tracker="cve" />
<issue id="CVE-2013-1821" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>darix</packager>
<description>
Ruby 1.8 was updated to fix an XML entity expansion denial of service attack (CVE-2013-1821).
Ruby 1.9 was updated to 1.9.3 p392, fixing the same security issues and also:
- update in-tree json to 1.5.5:
  Denial of Service and Unsafe Object Creation Vulnerability in
  JSON (CVE-2013-0269)
- limit entity expansion text to 10kB (CVE-2013-1821)
- get rid of a SEGV when calling rb_iter_break() from some
  extension libraries.
- some warnings suppressed and smaller fixes
</description>
<summary>ruby: update to fix XML and JSON security problems</summary>
</patchinfo>